|
197121
|
9.6 |
CRITICAL
Network
|
google
microsoft
|
chrome
edge_chromium
|
Use after free in Omnibox in Google Chrome on Linux prior to 88.0.4324.96 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page.
|
CWE-416
Use After Free
|
CVE-2021-21121
|
2024-11-21 14:47 |
2021-02-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197122
|
8.8 |
HIGH
Network
|
google
microsoft
|
chrome
edge_chromium
|
Use after free in WebSQL in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
|
CWE-416
Use After Free
|
CVE-2021-21120
|
2024-11-21 14:47 |
2021-02-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197123
|
8.8 |
HIGH
Network
|
google
microsoft
|
chrome
edge_chromium
|
Use after free in Media in Google Chrome prior to 88.0.4324.96 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.
|
CWE-416
Use After Free
|
CVE-2021-21119
|
2024-11-21 14:47 |
2021-02-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197124
|
8.8 |
HIGH
Network
|
google
microsoft
|
chrome
edge_chromium
|
Insufficient data validation in V8 in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page.
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2021-21118
|
2024-11-21 14:47 |
2021-02-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197125
|
7.8 |
HIGH
Local
|
google
|
chrome
|
Insufficient policy enforcement in Cryptohome in Google Chrome prior to 88.0.4324.96 allowed a local attacker to perform OS-level privilege escalation via a crafted file.
|
CWE-362
CWE-59
Race Condition
Link Following
|
CVE-2021-21117
|
2024-11-21 14:47 |
2021-02-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197126
|
7.5 |
HIGH
Network
|
marked_project
|
marked
|
Marked is an open-source markdown parser and compiler (npm package "marked"). In marked from version 1.1.1 and before version 2.0.0, there is a Regular expression Denial of Service vulnerability. Thi…
|
CWE-400
Uncontrolled Resource Consumption
|
CVE-2021-21306
|
2024-11-21 14:47 |
2021-02-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197127
|
4.3 |
MEDIUM
Network
|
carrierwave_project
|
carrierwave
|
CarrierWave is an open-source RubyGem which provides a simple and flexible way to upload files from Ruby applications. In CarrierWave before versions 1.3.2 and 2.1.1 the download feature has an SSRF …
|
-
|
CVE-2021-21288
|
2024-11-21 14:47 |
2021-02-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197128
|
8.8 |
HIGH
Network
|
carrierwave_project
|
carrierwave
|
CarrierWave is an open-source RubyGem which provides a simple and flexible way to upload files from Ruby applications. In CarrierWave before versions 1.3.2 and 2.1.1, there is a code injection vulner…
|
CWE-94
Code Injection
|
CVE-2021-21305
|
2024-11-21 14:47 |
2021-02-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197129
|
5.5 |
MEDIUM
Local
|
netty
debian
quarkus
oracle
netapp
|
netty
debian_linux
quarkus
banking_trade_finance_process_management
banking_credit_facilities_process_management
banking_corporate_lending_process_management
nosql_database
commu…
|
Netty is an open-source, asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. In Netty before version 4.1.59.Fina…
|
-
|
CVE-2021-21290
|
2024-11-21 14:47 |
2021-02-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197130
|
7.5 |
HIGH
Network
|
httplib2_project
|
httplib2
|
httplib2 is a comprehensive HTTP client library for Python. In httplib2 before version 0.19.0, a malicious server which responds with long series of "\xa0" characters in the "www-authenticate" header…
|
-
|
CVE-2021-21240
|
2024-11-21 14:47 |
2021-02-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
